<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ page import="java.io.*,java.util.*,java.sql.*"%>
<%@ page import="javax.servlet.http.*,javax.servlet.*" %>
<%
	String username = request.getParameter("username");
	String password = request.getParameter("password");
	
	try {
		Class.forName("com.mysql.jdbc.Driver");
		Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/bookstore", "root", "");
		String strSQL = "select * from user where username=? AND PASSWORD=?;";
		PreparedStatement pst = conn.prepareStatement(strSQL);
		pst.setString(1, username);
		pst.setString(2, password);
		ResultSet rs = pst.executeQuery();
		boolean found = false;
		
		while (rs.next()) {
			int _id = rs.getInt(1);
			String _username = rs.getString(2);
			session.setAttribute("_id", _id);
			session.setAttribute("_username", _username);
			found = true;
		}
		
		if (found) {
			response.sendRedirect("./loginsuccess.jsp");
		} else {
			response.sendRedirect("./loginfail.jsp");
		}
	
		rs.close();
		pst.close();
		conn.close();
	} catch (Exception e) {
		out.print(e.toString());
	}
%>